# PerfSPEC Learning Phase
Based on the document PerfSPEC: Performance Profiling-based Proactive Security Policy Enforcement for Containers, presented in [1], this repository contains the source files used to generate and process data.
Main Reference: PerfSPEC document as white paper
How to install covers the basic environment, tools, and recommendations.
PerfSPEC
Important
With PerfSPEC, Security Policies can be managed / watched in Proactive mode by using ranking, learning and profiles for safety and performance.
It has three phases:
- Ranking
- Learning
- Runtime
This repository focuses on the Learning phase, with attention on:
- Loading and processing event log information
- Predictive learning model
Note
The event data collected in raw-audit-logs.log.xz is considered realistic and representative for simulating administrative operations.
Files
Data
raw-audit-logs.log contains raw Kubernetes audit logs collected using the audit-policy.yaml audit policy.
Layout
Tools are distributed in directories:
Content structure overview with notes
├── PerfSPEC.pdf Reference document
├── README.md
├── about.md
├── actions_distribution.pdf Generated actions distribution
├── collect Collect logs scripts
├── data Extracted from compressed archive
├── data_sample.tar.xz Compressed archive with 'data'
├── imgs
├── install.md Installation notes
├── intro.md
├── learning
├── models Extracted from compressed archive
├── models_sample.tar.xz Compressed archive with 'models'
├── presentacion.pdf Presentation slides
└── raw-audit-logs.log.xz Main Raw Logs file
A full directory layout is available.
As some tasks can be run in Python or Rust, there are or will be directories for each programming language inside the task directories.
Each task/programming language uses a common data directory where processing output files are generated.
Collect data
If you wish to collect your own dataset, there are several source files that might help:
- collect/audit-policy.yaml is for Kubernetes event logs capture; other resources are also required: admission controllers, etc.
- collect/collect.py is a script to trigger the installation and uninstallation of public Helm repositories.
- collect/helm-charts.json is a backup of the Helm charts used at the time of the collection.
Process data
raw-audit-logs.log main-audit-logs.log actions-dataset-audit.txt
actions_distribution.pdf
Data Models
Caution
These file names and paths are defaults and can be changed:
- by modifying the settings
- by command-line options when running in script mode. Add --help for more info
models/checkpoints is where files are stored as part of the learning process:
├── checkpoints
│   ├── model_at_epoch_175.keras
│   └── model_at_epoch_185.keras
models/perfSPEC_model.keras is the generated model by default
models/history.json is model history with stats
Learning Notebooks
learning/python/lib_perfspec.py Main library with settings
learning/python/prepare_perfspec.py Prepare data from raw to source for learning models
learning/python/train_perfspec.py To train model from data
learning/python/run_perfspec.py To run/check predictions
learning/python/model_perfspec.py To inspect / review generated models
__pycache__ is for Python execution and is ignored in git tasks.
